Exclusive: CyberArk and the evolving role of CISOs
In a detailed interview with Thomas Fikentscher, Area Vice President for ANZ at CyberArk, the evolving landscape of cybersecurity and its integral role in digital transformation and organizational resilience were thoroughly explored. CyberArk, recognized as a prominent player in identity security, addresses the critical issue of identity-related breaches, which is at the forefront of cybersecurity challenges today. Fikentscher shared, "99% of companies expect an identity-related cyber breach just in 2024," highlighting the urgency for robust cybersecurity measures.
CyberArk's global presence spans 110 countries, reflecting the universal threat of cybersecurity breaches. Since its inception in 1999 and its public listing in 2014, CyberArk has been at the cutting edge of cybersecurity solutions. Fikentscher touched on CyberArk's impact, noting that "when you look at the amount of large companies globally, in key industries, like finance, telecommunications, that have been working with us, I think it can be interpreted as an endorsement and puts us in a pretty strong position."
Fikentscher emphasized CyberArk's distinctiveness in the cybersecurity space, attributed to its heritage of securing privileged access, a critical aspect of IT security linked to administrative functions. "We believe we are in a very strong position to deal with any form of complexity in any environment that's out there," he stated. He also highlighted the company's extensive network of alliances and integrations that bolster its platform's interoperability and effectiveness, and the company's ongoing momentum in the cybersecurity industry.
In light of the increasing legislative and compliance requirements and the continuous occurrence of breaches, Fikentscher pointed out that the essence of many cybersecurity issues lies in identity management, placing CyberArk at the core of addressing these challenges. "The knowledge built over 20 years in the Identity and Access Management domain puts us front and centre in dealing with all forms of identity-related risks," he said.
Discussing the evolving role of Chief Information Security Officers (CISOs), Fikentscher drew parallels with the transformative nature of Chief Digital Officer (CDO) roles, underscoring the need for CISOs to engage across organizational functions to ensure comprehensive security transformation alongside digital transformation efforts. This holistic approach is essential for mitigating "cyber debt" and fostering a proactive rather than reactive cybersecurity posture.
The conversation also touched on the imperative of changing the narrative around cybersecurity investment. Rather than viewing it as a grudgingly accepted cost, Fikentscher argues for recognizing cyber hygiene as critical to business value, especially in light of high-profile breaches that have significant economic impacts. "If you just flip that coin and think about the positive impact... we are going to secure highly-valuable digital assets right from the beginning, that is a positive conversation, in my opinion," he asserted.
The interview also explored the specific cybersecurity challenges and approaches in various industries, noting the proactive stance in sectors like finance and critical infrastructure, partially driven by stringent regulatory requirements.
Insurance premiums and cybersecurity strategies were highlighted as increasingly interconnected, with insurers demanding more rigorous cybersecurity measures from companies seeking coverage. This trend underscores the growing recognition of robust cybersecurity practices as vital for operational and financial resilience.
Finally, Fikentscher discussed the need for organizational structural changes to better integrate cybersecurity into corporate governance and strategic planning. "A CISO has the right intention with their teams, but then other parts of the business don't have the same priorities... so if you allow the CISOs to have more cross-functional accessibility, things will accelerate," adds Fikentscher. He called for enhanced governance models that include cybersecurity considerations at the board and executive levels, facilitating cross-functional collaboration and ensuring that cybersecurity is treated as a company-wide priority rather than confined to IT departments.
Throughout the interview, Fikentscher's insights shed light on the critical role of cybersecurity in today's digital age, emphasizing the need for a proactive, integrated approach to safeguarding digital assets and infrastructure against increasingly sophisticated threats.